logo image

Ch 1 & 2 Access Control

Which security concept ensures that only authorized parties can access data?
Confidentiality
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
DAC
What type of access control focuses on assigning privileges based on security clearance and data sensitivity?
MAC
Which of the following principles is implemented in a mandotory access control model to determine access to an object using classification levels?
Need to Know
In what form of access control environment is access controlled by rules rather than by identity?
MAC
What form of access control is based on job descriptions?
RBAC role based access control
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented
DAC
A router access control list uses informantion in a packet such as the destination IP address and port number to make allow or deny forwarding decisions.
RBAC rule based access control
You have implemented an access control method that allows only users who are managers to access specfic data. Which type of access control model is used?
RBAC role based access control
Which of the following is the most common form of authentication?
Password
Is the strongest form of multi-factor authentication?
Password, biometric scan, and token device
Which of the following advantages can Single Sign-On (SSO) provide?
The elimination of multiple user accounts and passwords for an individual. Access to all authorized resources with a single instance of authentication
Which of the following is an example of a single sign-on authentication solution?
Kerberos
Which of the following is an example of three-factor authentication?
Token device, keystroke analysis, congnitive question
What are examples of Type II authentication credentials?
Smart Card and Photo ID
What best describes one-factor authentication?
Multiple authentication credentials may be required, but they are all of the same type
You maintain a network with four servers. Currently, users must provide authentication credentials whenever they access a different server. Which solution allows users to supply authentication credentials once for all servers?
SSO
Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?
False Negative
What are the disadvantages of biometrics?
When used alone or solely, they are no more secure than a strong password. They have a potential for numerous false negatives.
What is mutual authentication?
A process by which each party in an online communication verifies the identity of the other party
What is the most important aspect of biometric device?
Accuracy
What is the termfor the process of validating a subject’s identity?
Authentication
What is used for identification?
Username
What is a example of identity proofing?
A bank verifies your address and government-issued ID card to create an online account
What should be done to a suer account if the user goes on an extended vacation?
Disable the account
What is a example of a strong Password?
should include upper, lower-case letters, numbers and, symbols
In a variation of the brute force attack, an attacker may use a predefined list(dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
A strong password policy
What is the single best rule to enforce when desiging complex passwords?
Longer Passwords
For users on your network, you want to automatically lock their accounts if four incorrect passwords are used within 10 minutes. What should you do?
Configure account lockout policies in Group Policy
You have hired 10 new tempory workers who will be with the company for 3 months. You want to make sure that after that time the user accounts cannot be used for logon. What should you do?
Configure account expiration in the user accounts
You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?
Configure day/time restrictions in the user accounts
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to esily add and remove managers as their job poitions change. What is the best way to accomplish this?
Create a security group for the managers. Add all users as members of the group. Add the group to the file’s DACL
You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers.
Grant the group the necessary user rights. Create a security group for the administrators: add all user accounts to the group.
You have two folders that contain documents used by various departments: The Development group has been givent he Write permission tothe Design folder. The Sales grop has been given the write permission to the Products folder. User Mark Tilman needs to have the Read permission to the Design folder and the Write permission to the Poducts folder. You want to use groups as much as possible. What should you do?
Make mark a member of the Sales group; add Mark’s user account directly to the ACL for the Design folder.
What security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects to have access to certain objects and the level or type of access allowed?
User ACL
Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting own the system, logging on through the network, or loading and unloading device drivers?
Group Policys
For users who are members of the Sales team, you want to force thier computers to use a specific desktop background and remove access to administrative tools from the Start menu.
Group Policys
Which of the following information is typically not included in an access token?
User Account password
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
Have Marcus log off and log back on
What is the term that describes the component that is generated following authentication and which is used to gain access to resources following logon?
Access token
Are solutions that address physical security?
Escort visitors at all times. Require indentification and name badges for all employees
Which of the following is not an example of a physical barrieer access contro mechanism?
One time passwords
Which of the following can be sued to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry?
Deploy a mantrap
What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured enviroment but which actively pervents re-entrace through the exit portal?
Turnstiles
What is the primary benefit of CCTV?
Expands the area visible by security guards
You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose?
PTZ
You want to cuse CCTV to increase the physical security of your building. Which of the following camera types whould offer the sharpest image at the greatest distance under the lowest lighting conditions?
500 reslution, 50mm, .05 LUX
Which of the following CCTV camera types lets you adjust the distance that the camera can see (i.e. zoom in or out)?
Varifocal
Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?
False Negative
Which form of access control enforces security based on user identities and allows individual users to
define access controls over owned resources?
DAC (Discretionary Access Control)
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?
Identity
What is the star property of Bell-LaPadula?
No write down
What is the simple property of Bell-LaPadula?
No read up
What is the star property of Biba?
No write up
What is the simple property of Biba?
No read down
Which of the following is not an important aspect of password management?
Enable account lockout
Which access control model manages rights and permissions based on job descriptions and responsibilities?
Role Based Access Control
What security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?
User ACL
What is the most important aspect of a biometric device?
Accuracy
A device which is synchronized to an authentication server is which type of authentication?
Synchronous token
Which of the following is the term for the process of validating a subject’s identity?
Authentication
What does the Mandatory Access Control (MAC) method used to control access?
Sensitive labels
Which of the following are requirements to deploy Kerberos on a network? (Select two)
-A centralized database of users and passwords
-Time synchronization between devices
Which of the following is not used to oversee and/or improve the security performance of employees?
Exit Interviews
Which form of authentication solution employs a hashed form of the user’s password that has an added
time stamp as a form of identity?
Kerberos
Which of the following conditions is desirable when selecting a bio-metric system? (Select two)
-A low crossover rate
-A high processing rate
Which security principle prevents any one administrator from having sufficient access to compromise
the security of the overall IT solution?
Separation of duties
Need to know is required to access which types of resources?
Compartmentalized resources
Which of the following is the best action to take to make remembering passwords easier so that a
person no longer has to write the password down?
Implement end-user training
You have implemented account lockout with a clipping level of 4. What will be the effect of this setting?
The account will be locked after 4 incorrect attempts
In a variation of a brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasures best addresses this issue?
A strong password policy
Which of the following defines the crossover rate for evaluating bio-metric systems?
The point where the number of false positives matches the number of false negatives in the biometric system
Which of the following cloud computing systems will deliver software applications to a client either over the Internet or on a local area network?
SaaS (Security as a Service)
Which of the following is an example of Type 1 authentication?
Pass phrase
In which form of access control environment is access controlled by rules rather than by identity?
MAC (Mandatory Access Control
In an Identity Management System, what is the function of the Identity Vault?
Ensure that each employee has the appropriate level of access in the system
Which of the following is an example of a decentralized privilege management solution?
Workgroup
Which of the following is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device
Which of the following is stronger than any biometric authentication factor?
A two factor authentication
Which of the following defines an object as used in access control?
Data applications, systems, networks, and physical space
Which form of access control is based on job descriptions?
Role-based access control (RBAC)
What type of password is maryhadalittlelamb?
Pass phrase
In an Identity Management System, what is the function of the Authoritative Source?
Specify the owner of a data item
Which of the following are disadvantages of biometrics? (Select two)
-When used alone or solely, they are no more secure than a strong password
-They require time synchronization
The Brewer-Nash model is designed primarily to prevent?
Conflicts of interest
What is it called if the ACL automatically prevents access to anyone not on the list?
Implicit deny
Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?
PaaS delivers everything a developer needs to build an application onto the cloud infrastructure
What access control type is used to implement short-term repairs to restore basic functionality following an attack?
Corrective
What is mutual authentication?
A process by which each party in an online communication verifies the identity of the other party
What is another term for the type of logon credentials provided by a token device?
One-time password
Which of the following are examples of single sign-on authentication solutions?
SESAME
Kerberos
Which of the following is not true regarding cloud computing
Cloud computing requires end user knowledge of the physical location and configuration of the system that delivers the services
You have just configured the password policy and set the minimum password age to ten. What will be the effects of this configuration
User cannot change the password for at least ten days
Which of the following is not an example of a single sign on solution?
Workgroup
Which of the following controls is an example of a physical access control method?
Locks on doors
Which of the following is an example of privilege escalation?
Creeping privileges
Which of the following is not a characteristic of Kerberos?
Peer-to-peer relationships between entities
The Clark-Wilson model is primarily based on?
Controlled intermediary access applications
What should be done to a user account if the user goes on an extended vacation?
Disable the account
Which of the following is a password that relates to things that people know, such as a mother’s maiden name, or the name of a pet?
Cognitive
A router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions. This is an example of what type of access control mode?
RBAC (based on rules)
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
MAC (Mandatory access control)
Which of the following advantages can Single Sign-On (SSO) provide? (Select two)
-Access to all authorized resources with a single instance of authentication
-The elimination of multiple user accounts and passwords for an individual
Seperation of duties is an example of which types of access control?
Preventice
Encryption is what type of access control?
Technical
What is the primary goal of separation of duties?
Prevent conflicts of interest
Which of the following is used for identification?
Username
The Brewer-Nash model is designed primarily to prevent?
Conflicts of interest
In which form of access control environment is access controlled by rules rather than by identity?
MAC
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
MAC (Mandatory Access Control)
The Clark-Wilson model is primarily based on?
Controlled intermediary access applications
Which access control model manages rights and permissions based on job descriptions and responsibilities?
Role Based Access Control (RBAC)
Which of the following is the term for the process of validating a subject’s identity?
Authentication
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?
RBAC (Role-based access control)
What form of access control is based on job descriptions?
Role-based access control (RBAC)
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented
DAC (Discretionary Access Control)
Which is the star property of Bell-LaPadula?
No write down
Which of the following defines an object as used in access control?
Data, applications, systems, networks, and physical space.
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
DAC (Discretionary Access Control)
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?
Identity
A remote access user needs gain access to resources on the server. Which of the process are performed by the remote access server to control access to resources?
Authentication and authorization
Separation of duties is an example of which type of access control?
Preventive
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?
Separation of duties
An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone not on the list?
Implicit deny
Which of the following is an example of privilege escalation?
Creeping privileges
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
Separation of duties
What is the primary purpose of separation of duties?
Prevent conflicts of interest
Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?
Need to know
You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities.
Job rotation
Which type of media preparation is sufficient for media that will be reused in a different security context with your organization?
Sanitization
Need to know is required to access which types of resources?
Compartmentalized resources
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access.
Explicit allow, implicit deny
By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?
Principle of least privilege

Need essay sample on "Ch 1 & 2 Access Control"? We will write a custom essay sample specifically for you for only $ 13.90/page

Can’t wait to take that assignment burden offyour shoulders?

Let us know what it is and we will show you how it can be done!
×
Sorry, but copying text is forbidden on this website. If you need this or any other sample, please register

Already on Businessays? Login here

No, thanks. I prefer suffering on my own
Sorry, but copying text is forbidden on this website. If you need this or any other sample register now and get a free access to all papers, carefully proofread and edited by our experts.
Sign in / Sign up
No, thanks. I prefer suffering on my own
Not quite the topic you need?
We would be happy to write it
Join and witness the magic
Service Open At All Times
|
Complete Buyer Protection
|
Plagiarism-Free Writing

Emily from Businessays

Hi there, would you like to get such a paper? How about receiving a customized one? Check it out https://goo.gl/chNgQy

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy